Topics covered:

While the Internet has revolutionized business and commerce, controls designed to protect online assets haven’t developed as swiftly. The threat landscape has shifted and traditional defenses are not enough to prevent today’s APTs, nation state hackers and cyber gangs operating from all points around the globe from targeting and exploiting your network.

Emerging Threat Analysis is designed to provide attendees with the skills needed to address these threats and to recognize emerging threats before they breach your network.

This Hands-On course will teach the student:

How to build a test lab for threat analysis and research

What is active defense and why it is an important tool for the security professional

Participants will receive materials including a textbook, copies of the CSA, NIST, and ENISA core documents, and supplementary handouts as appropriate. The course will include breakfast, snacks, and lunch, and parking is provided in the garage across from the Microsoft Learning Center.

The CCSP is a professional certification in cloud and information security, providing competency in cloud computing infrastructure and security expertise for mid- to advanced-level professionals in IT security, architecture, GRC, audit, and engineering for those with a background in securing, managing, or providing services in cloud environments. Beyond the beginning CCSK from CSA, which the introductory day will review, the course will provide materials and guidance for the participant to prepare for the 4-hour, 125-question technical CCSP examination and credentialing (as well as the CCSK, if desired). A score of 700 on a 1000 scaled score base will be required to pass the exam, which can be scheduled via www.isc2.org at Pearson Vue testing sites, at participant cost. More information may be obtained from https://www.isc2.org/uploadedfiles/(isc)2_public_content/certification_programs/ccsp/ccsp-brochure.pdf and the more detailed candidate booklet, as well as the CSA’s information at https://cloudsecurityalliance.org/media/news/isc2-and-cloud-security-alliance-introduce-new-cloud-security-certification/ .

About the Instructor:

Ross A. Leo – ISC2 and CSA certified CCSP instructor. Associate Director of Professional Training and Development with the Cyber Security Institute (CSI) at the University of Houston – Clear Lake College of Science and Engineering.

In addition to his tenure with UHCL, Mr. Leo has been an ISC2 instructor for over 20 years, holding numerous professional credentials in security and related fields. He is a principal with Nivola Healthcare Solutions, and has partnered with SecureNinja (VP / CTO), Global Knowledge (Expert Instructor status), and Intense School, and held positions as CISO at UTMB – Galveston, a HIPAA consulting firm, and as a Program Manager and Chief Security Architect at NASA / JSC.


Participants will receive materials including a textbook, copies of the CSA, NIST, and ENISA core documents, and supplementary handouts as appropriate.

**** Plus 32 CPE hours.

**** Plus breakfast, lunch, snacks and free parking.

Location:

Harris County Dept of Education, 6005 Westview Houston, TX 77055


Beyond the Scan: The Value Proposition of Vulnerability Assessment

Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports.

Our Speaker: Damon Small

Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Following the dotcom bust in the early 2000s, Small began focusing on cyber security. This has remained his passion, and over the past 15 years as a security professional he has supported infosec initiatives in the healthcare, defense, and oil and gas industries. In addition to his Bachelor of Arts in Music, Small completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Project Manager at NCC Group includes working closely with NCC consultants and clients in delivering complex security assessments that meet varied business requirements. Recent speaking engagements include DEFCON 23, BSides Austin, BSides San Antonio, and HouSecCon.

You can register and learn more by following this link.

Registering early helps the chapter avoid extra charges because if there are more guests than planned we may have to pay an additional fee above food costs.

The Meeting Bundle:

Do you attend most of the chapter meetings? Would you like to avoid the hassle of signing up each month? Like a membership but your company won’t reimburse you? If you answered yes to any of those questions, you might like the Meeting Bundle from your ISSA chapter. For information visit: here.

Threat Intelligence: Bridging the Gap

In this presentation, Justin will share experience from the unique perspective of applying threat intelligence in the Counter-Improvised Explosive Device (IED) mission during Operation Iraqi Freedom and Operation Enduring Freedom. The concepts, methods, and successes have parallels in the world of Cyber Threat Intelligence, and Justin will guide us through the application of these methods in today’s challenges. Talent, Teamwork, and Technology are necessary in defeating today’s advanced threats.

Our Speaker: Justin Rogers

Justin has more than 15 years of experience in networking, telecommunications, and the defense and intelligence communities. Justin previously spent several years with the Combined Explosives eXploitation Cell (CEXC) deployed with a joint-expeditionary team in Baghdad, Iraq, as well as Bagram, Afghanistan. With CEXC, Justin focused on Counter-IED technologies, training, and bridging the protection gap in defense of Coalition Forces. After joining Centripetal Networks in 2012, Justin has been focused on bringing Centripetal’s Active Network Defense platform to market. Justin has a BS in Electrical Engineering from the University of New Hampshire.

Luncheon Meeting Schedule:

11:15 a.m. Registration / Networking
11:30 a.m. Luncheon / Networking
11:45 a.m. Chapter Business Meeting
12:00 noon Keynote Presentation
1:00 p.m. Adjourn Luncheon

Our Sponsor:

Vectra® Networks is the leader in real-time detection of in-progress cyber attacks. The company’s automated threat management solution continuously monitors internal network traffic to pinpoint cyber attacks as they happen. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. www.vectranetworks.com.

Contact:

Understanding Attacker’s use of Covert Communications

Today’s cyber attackers survive by hiding their attack communications from the prying eyes of network security. It’s a critical part of an attacker’s arsenal and it lets them patiently manage and propagate attacks throughout the network, while remaining undetected.

The latest techniques attackers use to hide their traffic in plain sight

Why simple techniques like signatures and reputations of domains or IPs come up short in finding these evolving forms of communication

Why this isn’t really just a malware problem

What techniques can be used to systematically identify these forms of communication and to treat them as a strong indicator of compromise?

Our Speaker: Oliver Tavakoli

Oliver Tavakoli is Chief Technical Officer of Vectra Networks. Oliver is a technologist who has alternated between working for large and small companies throughout his 25-year career – he is clearly doing the latter right now. Prior to joining Vectra Networks, Oliver spent more than 7 years at Juniper as Chief Technical Officer for the security business. Oliver joined Juniper as the result of its acquisition of Funk Software, where Oliver was CTO and better known as developer #1 for Steel-Belted Radius – you can ask him what product name came in second in the naming contest. Prior to joining Funk Software, Oliver co-founded Trilogy Inc. and prior to that, he did stints at Novell, Fluent Machines and IBM.

Building the Right Threat Intelligence Team for your Company

Information professionals need to develop people who understand how bad guys operate in order to protect their friends, family and company. Threat intelligence has emerged in the industry as a method to proactively achieve these goals. This talk will cover what good threat intelligence is, discuss common processes, and explain what to strive for in an intelligence program.

Speaker: James Dietle

James is a computer enthusiast who started slinging CAT5, coax and silver satin in exchange for ice cream at the age of eight. With over 12 years of management experience, he has led both technical teams and operational departments in diverse and challenging environments across the world. While holding numerous degrees and certifications, he feels his best education continues to come through keyboard mashing, and blue smoke from failed home experiments. His lovely wife is completing her medical residency in pediatrics and his 5 month old daughter is starting to gnaw on computers.

Residual Risk – An Ideal for Calculation

Why is it that, with the tens of security standards out there, which we all comply with, everyone is still getting breached? We could blame it on people, or maybe processes, or even the technology we use, or is it something else? Obviously we are doing something wrong and need a different way of doing things. This session will discuss a potential way of calculating Residual Risk.

Michael is well known in the security community with his work designing, developing, implementing and deploying security products and architectures for multi-national corporate environments. His work includes participating, driving, and creating security standards, working on corporate policies, national and international legislation, multi-national regulatory issues, and participation in numerous international and national advisory councils. He has been a featured speaker at numerous national and international security conferences including RSA, ISSA, and InfoSec. He has also participated on the RSA national program committee. Currently, he chairs the ISSA International Webinar Committee and is a technology contributor to the U.S. Department of Commerce Information Systems Technical Advisory Council. Michael currently holds 57 U.S. patents, is a former Sigma-Xi distinguished lecturer and is the recipient of the Trusted Computing Platform Alliance (TCPA) lifetime achievement award. In 2011 he was recognized by ISSA as the Security Professional of the Year and in 2013 he was named to the ISSA Hall of Fame.

Luncheon Meeting Schedule:

11:15 a.m. Registration / Networking
11:30 a.m. Luncheon / Networking
11:45 a.m. Chapter Business Meeting
12:00 noon Keynote Presentation
1:00 p.m. Adjourn Luncheon

Our Sponsor:

Blue Coat is a leader in enterprise security, providing on-premise, hybrid and cloud-based solutions for protecting web connectivity, combating advanced threats, and responding to security breaches. Blue Coat is the global market leader in securing connection to the web and counts nearly 80 percent of the Global Fortune 500 as its customers. Blue Coat was acquired by Bain Capital in March of 2015.

Andrew Bennett is a native Texan with nearly 20 years of experience in IT, digital forensics, and cybersecurity issues. He has an MS in Information Assurance and Security and is a doctoral candidate at Pepperdine University’s Graduate School of Education and Psychology. He was named the Cyber Investigations Contributor of the year by the International Association of Financial Crimes Investigators in 2013. He is the Director of the Center of Excellence in Digital Forensics, where it is his mandate to identify and assist in solving the cyber security and investigations problems facing society today.

His recent work includes research into data breaches vis-a-vis privacy, a low cost remote forensic imaging solution, criminological profiling of online criminals, penetration testing and validation of SCADA/ICS security measures, 3D crime scene reconstruction, network security visualization, and more. He and his team have participated and assisted in over 400 criminal cases in the past 5 years. He works with federal and state agencies including the FBI, Secret Service, Homeland Security, the US Marshals, the Texas Rangers and the ATFE to find solutions to cyber security and forensics problems facing law enforcement and industry alike. His most exciting project this month is a partnership with the ATFE to examine digital evidence left behind after pipe bomb explosions.

Director Bennett volunteers with local schools and the Boosting Engineering Science and Technology (BEST) Robotics Competition. He is actively involved in international advocacy for cyber security and education, presenting his thoughts on these topics to diverse audiences around the world. He participates in community outreach for public cyber security education and privacy awareness, and is a tireless advocate for the dissemination of security and investigation best practices to every facet of our future lives.

Director Bennett prefers to be called Andy, has a new daughter with his lovely wife and they reside on their little 8 acre ranch in the woods of East Texas. Andy and his family enjoy the outdoors, watersports, and home improvement projects.

From 1:00 to 3:00

Workshop: Database Security for Enterprise Security Teams

Data theft occurs every day and that data almost always originates in databases. Why then does IT security have so little control over database security? Why is database security left to DBAs who often have little security expertise? Is security a priority for DBAs and should they be responsible? How do you meet security and compliance needs when it seems everything you try impacts the database? Data security starts at having eyes on the data. If you’re not watching the data, you can’t hope to secure it. This means database monitoring, but most organizations think they can’t monitor databases, because of perceived database performance impact, because the database itself doesn’t support effective auditing, or for some other reason. The reality is that lack of data visibility is the greatest gap in data center security and compliance that currently exists in almost every organization today. Why? This presentation will describe many of the real and perceived challenges with database security. We will cover the reasons why DBAs may be reluctant to audit and explain why many of those reasons are no longer valid. Today, security teams are typically responsible for securing data, so there’s no reason why security teams shouldn’t have full visibility and control of database activity to achieve their mission.

Speaker: Terry Ray – Chief Product Strategist, Imperva, Inc.

Terry Ray is the Chief Product Strategist for Imperva, Inc., the leading provider of data security solutions. Terry works directly with Imperva’s largest customers to educate them on industry best practices, challenges and regulations. He also operates as an executive sponsor to strategic customers who benefit from having a bridge between both companies’ executive teams. During his 13 years at Imperva, he has deployed hundreds of data security solutions to meet the requirements of customers and regulators from every industry. Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, Gartner, IANS and other professional security and audit organizations in the Americas and abroad. Since 2003, Terry has specifically focused his efforts on data security and risk, working with companies to help them discover and protect sensitive data, and create controls to minimize risk for regulatory governance and best practices.

He can be reached at terry@imperva.com

Luncheon Meeting Schedule:

11:15 a.m. Registration / Networking
11:30 a.m. Luncheon / Networking
11:45 a.m. Chapter Business Meeting
12:00 noon Keynote Presentation
1:00 p.m. – 3:00 pm Imperva Database
3:00 pm Adjourn Luncheon

Our Sponsor:

Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Founded in 2002, we have enjoyed a steady history of growth and success, generating $234 million in 2015, with over 4,500 customers and 300 partners in more than 90 countries worldwide.

This course focuses on how to discover if a system has malware and then how to do basic malware analysis and build a simple lab to do testing in. The goal is speed, so you can get back to other tasks. We will look at the tools you need and the techniques and steps to analyze malware so you can determine if a system is clean or truly infected.

This course is intended for everything from everyday commodity malware that you might get in email or surfing to advanced malware in a targeted attack. The focus will be on Windows systems, but we will touch on some tools for Apple and Linux systems as well.

Presentation: Cyber Security Employment Forecast & How to leverage Social Media for your career without compromising your integrity or reputation.

Abstract: Tim will cover the current cyber security job market climate and provide stats on where the market is headed over the next 5 years. With the expected job growth and lack of cyber security talent, there will be a flood of job opportunities. Everyone wants to have the perfect job or career opportunity; therefore, how do you filter through the recruiter noise and job hopping temptations drawn to you by social media? Tim will discuss how to properly leverage social media without compromising your reputation, your integrity and most importantly your career path.

Bio: Tim Howard is the founder of four technology and staffing firms. Through his innovative technology growth program, he has been able to accelerate the uptake of new technologies both domestically and abroad. Tim co-founded Energy Sourcing in 2008 to help bridge the gap between the Oil & Gas companies and technology companies. In 2014, he founded Fortify Experts which is focused on helping companies fill their cyber security employment gap by finding exceptional cyber security talent. Tim previously served in leadership positions for leading software and consulting firms. He has degrees from Texas A&M University in Industrial Distribution and Marketing.

Contact Information:

10497 Town & Country Way, Suite 700
Houston, TX 77024

O: (713) 893.3940
F: (888) 893.3545

URL: http://fortifyexperts.com/

Our Sponsor:

Alvarez & Marsal (A&M) is a leading global professional services firm that delivers business performance improvement, turnaround management and advisory services to organizations seeking to transform operations, catapult growth and accelerate results through decisive action. Our senior professionals are experienced operators, world-class consultants and industry veterans who leverage the firm’s restructuring heritage to help leaders turn change into a strategic business asset, manage risk and unlock value at every stage.

We support companies in developing and implementing business-focused cyber security strategies that respond to and support their changing needs. Our professionals view cyber security and protection issues from an industry-specific perspective, creating and implementing cyber security programs tailored to clients’ specific risks

Choosing a sandboxing solution can be challenging due to the wide array of options available from established security vendors and new entrants. The market for network sandboxing consists of three categories: (1) stand-alone (solutions that have no dependencies on existing security infrastructure); (2) sandboxing as a feature of firewalls, intrusion prevention systems (IPSs) and unified threat management (UTM) devices; and (3) sandboxing as a feature of secure Web gateways and/or secure email gateways.

This joint ISSA-CSA session will specifically look at the technical and business considerations that are driving organizations and vendors to implement cloud based sandboxing.

Cloud sandboxing: A dynamic analysis technique designed to identify malware that doesn’t rely on the use of signatures. It is a technique that has been leveraged by the research community for some time and is now seen as a critical component of a defense-in-depth strategy due to increasingly complex attacks that are simply not identified by traditional signature-based approaches. A Cloud Sandbox (a virtual lab) simply refers to any computing environment created via virtualization to mimic a production infrastructure, the purpose of which is to test unverified code execution that may contain a virus or other malicious code, without allowing the software to harm the host.

In addition to reviewing current technical and business drivers that are pushing sandbox security architectures into the cloud, this session will cover the latest advancements in sandbox arrays used to better protect organizations and end-users against the most evasive of targeted attacks and weaponized files. We’ll review the problems and caveats associated with on-premise sandboxing versus the newest cloud-based implementations, as well as the requirement for content detonation and analysis of “patient zero” code execution (at line speed) versus detection and profiling of “hibernating” threats—while not blocking content.

There are significant reasons why cloud-based sandboxes are qualitatively more effective than on-premise appliances:

1. Cloud-based sandboxes are free of hardware limitations, and therefore scalable and elastic. As a result, they can track malware over a period of hours or days with zero performance overhead—instead of seconds or minutes—allowing for more robust malware profiling of the more evasive targeted threats that have been evading on-premise sandbox detection, such as numerous targeted Spear Phishing attacks and “Time Bomb” attacks that need to be simulated with custom times and dates.

2. Cloud-based sandboxes aren’t limited by geography. For example, attackers often target offices that are located in a different region than where the on-premise sandbox is running (typically the enterprise’s headquarters). However, cloud-based sandboxes avoid this by allowing the malware to run from different locations worldwide. No matter where users are located or whether they are connected to corporate resources (or not), cloud sandboxing is more difficult to bypass.

3. Cloud Sandbox Arrays: These configurations are not possible within an appliance form factor. Newer cloud based sandbox architectures incorporate advanced file detonation, profiling, and sanitization capabilities that can simultaneously disarm weaponized content and files at line speed while continuously monitoring “time bomb” code executions and dwell times. These newer cloud sandbox arrays can disarm content with near-zero false positives even before patient-zero threat profiling has been completed or time-delayed malware execution is initiated—ensuring sub-second remediation of targeted unknown threats with zero reliance on signatures.

4. SSL inspection and Content Networks: By the end of 2016, SSL is expected to consume 60% of all web traffic (NSS Labs), yet very few organizations inspect SSL traffic. Inspecting SSL traffic can require as many as 8X the number of security appliances versus cloud based implementations. And CDNs are the source of over 40% of all web traffic, yet this traffic is rarely inspected in current appliance based implementations.

Biographies:

Speaker 1:

Bil Harmer serves as the Strategist at Zscaler where he runs the Office of the CISO in the Americas. In this role he engages security executives at a peer level to drive best practices and facilitate industry wide collaboration on emerging security topics. Having effectively written the book on developing and implementing Security and Privacy compliance for Cloud, he is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration. Prior to joining Zscaler, Harmer was the Chief Security Officer at GoodData Corp and the VP Security & Cloud Privacy Office for the Cloud Division of SAP. He has provided advisory services to Adallom, TrustScience, ShieldX Networks and Resolve Systems. He is CISSP, CISM and CIPP certified.

Speaker 2:

Simon Taylor has worked in Information Technology for over three decades, with extensive experience across product innovation, business development, business transformation and IT operations management. He has held senior positions at leading technology and financial services companies across Europe, Asia, Latin America and North America; most recently with HSBC, where he ran IT Operations across North and South America. Simon is currently a consultant to the Board of Glasswall Solutions on technology, commercial and business-development strategies for establishing Glasswall as a leader in the international Cyber-security marketplace.

Members and Professionals in Information Security and those preparing for the CISSP or CompTIA Network+ or Security+ exam or Cisco networking exams (e.g., CCNA).
Professionals in related fields: Network Admins / MCSE or CCNA holders, IT Audit, DRP/BCP, Information Systems, High-Tech Crime, Physical Security (Click here to join ISSA if not a member)
Those needing 7 hours CPE toward a related credential / certification.
Overview for IT students and those new to IT / IT Security / Audit

Register for the seminar now!

PARKING:
Sewell Hall (Bldg. 65) is circled in yellow. The Rice University entrance #3 is best, but #2 or #1 may be used with caution, from Main St. (blue circles). You may wish to enter off Rice Blvd. or University Blvd, and circle the campus to the parking lot. Rice IT Security staff will confirm that students will be able to enter on the ONE MARKED PARKING LOT between 8:00am and 5:00pm, and be keeper of the class list for parking that Rice U Security will hold. No issues are expected for arrivals. ISSA will reimburse Rice U for reduced parking rates.


At the circled red parking lot (Founder’s Lot), pull up to either gate for entry, which is permitted after 7:30am, and will be by pressing the pink-circled (see photo) button to call security. Give name to “sign in” and have gate lifted. Exit will be by the same manner. (We will avoid using credit card to enter/exit and validation “cards”. Rice may get a few validation cards for emergencies.)

Sean is the Enterprise Sales Director for SSH in the US. Sean has over 25 years’ experience in the technology / cybersecurity sector. Sean works with the world’s largest financial services, health care and technology firms, advising them on the best practices to mitigate risk and meet compliance challenges associated with SSH key based privileged access.

Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics.

For most of its history, Industrial Control Systems (ICS) system operators adopted the mantra of “security by obscurity”, thinking that they were safe from most cyber attacks. However, most modern ICS systems now operate on common hardware, networking equipment, and software platforms. With that technology convergence, ICS systems have also inherited a whole host of security vulnerabilities, and require a level of customization not available in many IT tools. This presentation will focus on the implementation of security and operational monitoring tools within a SCADA environment, as well as some of the unique challenges that security practitioners may face.

Biography:

Speaker:

Chris Duffey is a SCADA Coordinator at Enterprise Products and has been involved in the Operational Technology world for the last 9+ years. He has worked in various capacities within SCADA including system development, infrastructure support, and cyber security. Most recently he has been heavily involved in implementing Enterprise’s cyber security toolset for the SCADA environment, including IDS and Security Monitoring.

Erick Sanz will present on the security implications of moving data to the cloud and how it compares with the current data center approach.

Biography:

Speaker 1:

Erick is a principal information security engineer with over 20 years experience in the Information Technology industry. He has an extensive background in professional services, training, system administration, database administration, programming, network administration and application support. Erick’s specialization is in network security, including all the aspects needed to successfully secure critical data while allowing for normal business processes to succeed.

Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence.

It has been said time and time again in several contexts: “A good defense is a good offense”. There has also been a dizzying overabundance of overused Sun Tzu quotes about “knowing your enemy”. Take your favorite sport for example. No competitor formulates a defense without knowing the offensive tendencies and strategies of their opponent. The same holds true in ICS cyber security. This presentation examines the most recent known threat, vulnerability, and attack vectors/methods, along with threat modeling methods, in order to help give the audience a more targeted defensive (aka – risk mitigation) strategy. A more targeted defensive strategy means a more efficient and cost-effective security posture that minimizes impact to your resources.

Biography:

Speaker:

Clint is based in Houston, Texas and is a Senior Researcher with Kaspersky Lab. He has more than 20 years of professional experience in cybersecurity, with over 12 of those focused exclusively in ICS security. Throughout his career, Clint has worked in several key cybersecurity roles (cyber threat/vulnerability research, risk analysis, penetration testing, and cybersecurity product R&D) for the United States Air Force, cybersecurity vendors Symantec and Industrial Defender, and major consulting firms. The majority of his clientele has consisted of many of the world’s largest energy organizations. He is the lead author of the book, “Hacking Exposed, Industrial Control Systems”, has developed and taught dozens of ICS cybersecurity training courses, and has been speaking at ICS cybersecurity conferences (e.g. OilComm/ShaleComm, API, INTELEC, CyberShield, and more) regularly since 2004. Clint continues his ICS cybersecurity threat/vulnerability research at Kaspersky Lab, and is a volunteer cybersecurity mentor to high school and college students in his local community.

Sponsor, Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 5,600 organizations across over 100 countries, including 37% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

Presentation: The Annual South Texas Chapter business meeting and elections followed by… The Annual InfoSec Challenge

Abstract: As yet another year has quickly passed it is time again for the InfoSec Challenge Contest, the game of skill where WE the membership engage in a team competition to determine who has the best security skill and current cyber affairs knowledge.

InfoSec Challenge is a team skills challenge event, your team consisting of the members and guests from your table. Choose your table carefully. The contest is played in three rounds: The InfoSec Challenge Round, InfoSec Challenge2 Round where points double, and Final InfoSec Challenge where the top three tables can wager any amount up to the amount earned during the first two rounds. Features of the contest include a familiar clue/question format plus the InfoSec Double and a few surprise chances to earn significant points. The Clue/Questions are arranged in categories that are revealed at the beginning of each round. Table numbers are drawn by lot for the opportunity to provide a question that fits the clue until either all clues are revealed or time expires.

Don’t Miss The InfoSec Challenge!

To allow everyone an opportunity to prepare, tune their security skills, and earn a few CPEs, material will be taken from:

(ISC)2 InfoSecurity Professional, Issues from 2016 to include Sept, Oct, Nov, and December

Abstract: Over the past few years we have all seen the devastating effects of cyber breaches – regardless of whether it has been a lost laptop or a POS intrusion. This session will go over the basics of Cyber Insurance, things to watch out for and things to do.

Biography:

Property & Casualty Consultant

Rachel joined USI Insurance Services as a Property and Casualty Consultant in May 2015. She is focused on providing the various risk management solutions to upper-middle to large market size accounts. Her primary responsibility is to coordinate the relationship between USI’s resources and her clients. She also is the founder of a LinkedIn group called Big Cyber, where she focuses on networking Cyber Security professionals with CFOs. The group was created to meet the needs of the financial professionals, who were struggling to grasp the cyber liability and security world.

Prior to joining USI, Rachel started in the insurance industry at Liberty Mutual, while attending college at Indiana University of South Bend, where she obtained a B.A. in History. After relocating to Houston, TX she continued her insurance career at The Hartford where she adjusted Workers Compensation Claims for Large National Accounts. She then accepted a position as a Claims Consultant for Wells Fargo Insurance Services, where she established a rapport with her clients, and championed favorable claims outcomes on their behalf. She also began working on several cyber liability claims which were just starting to become more prevalent. She was then promoted to Southern Regional Marketing Manager for Safehold Special Risk, which is a subsidiary of Wells Fargo. While working on the MGA side of insurance she marketed 18 commercial package programs across the Southern United States. One of those programs was a cyber liability program that was marketed to the majority of brokers across 13 states in the South. This experience gave her a very unique outlook on the industry as she met with countless professionals from all segments of the insurance spectrum. Rachel’s varied background in insurance has positioned her to provide a holistic viewpoint that her clients relate well to.

Our Sponsor:

Founded by elite former military cybersecurity experts with deep experience in cyber-offense operations, the Cybereason platform mirrors the founders’ expertise in managing some of the world’s most complex hacking operations. The Cybereason Detection and Response Platform leverages big data, behavioral analytics and machine learning to uncover, in real-time, complex cyber-attacks designed to evade traditional defenses. It automates the investigation process, connects isolated malicious events and visually presents a full malicious operation. The platform is available as an on-premise solution or a cloud-based service. Cybereason is privately held and headquartered in Boston with offices in London, Tel Aviv and Tokyo.

Several technologies, not limited to traditional security solutions, cyber analytics or honeypots, contribute to the capability of tracking an attacker’s lateral movement across your network, but all suffer from key drawbacks in practice.

Deception Based systems present a new paradigm that emerges from a synthesis between the best of honeypot and IDS/IPS technological capability. Detection occurs earlier in the attacker life cycle without limiting forensic analysis to what is occurring within a honeypot. Unlike traditional security solutions, the burden of avoiding detection is heavily on the attacker, relieving the defender’s burden to be right every time. Instead of being difficult to deploy en masse like a honeypot and breadcrumbs, a deception management system greatly simplifies deployment, maximizes diversity of deceptions, automates changes to deceptions over time and blends deceptions into the real environment. Illusive Networks’ architecture lends itself to high fidelity alerting that allows for security automation and orchestration capabilities that were previously unattainable.

Nauman Alikhan is a strategic IT and sales engagement leader with 20 years of experience. He has experience working in management roles providing excellent service in cross matrixed organizations in Fortune 500 and International customers. As a successful implementer of strategy, his work was instrumental in providing a conduit between sales and the customers which he served, growing revenue at well-known security companies such as Trend Micro, ESRI and ServiceNow. He currently works at illusive Networks, a security startup focused on high fidelity intrusion detection and prevention through the use of deception technology.

Check Point Software Technologies Ltd. (www.checkpoint.com), is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.

Check Point threat research and security insight team have seen a spike in the amount of mobile malware and breaches stemming from mobile devices.

While mobile device security was once a way of the future, it is now bringing mayhem to the business world by the inability to secure against zero-day threats on devices.

Jessica Patterson, of Check Point Software, will dive deeper into the malware campaign “Gooligan”. Gooligan exposed over 1 million Google account credentials and other ways hackers could infiltrate organizations through the lack of mobile device security.

Biography:

Jessica Patterson is a Corporate cybersecurity catalyst who is committed to sharing threat intelligence, innovative technologies, and security insights with business leaders to better secure and enable their organization to succeed.

OPSWAT is a San Francisco based software company that provides solutions to secure and manage IT infrastructure. Our technologies provide unmatched protection & analysis of known and unknown threats, allowing organizations to control & secure their data flows as well as enhancing malware detection in third-party security applications.

Members and Professionals in Information Security and those preparing for the CompTIA Project+ exam (or PMI examination and career paths) or interested in project management.

Professionals in related fields: Information Systems / IT staff who work with IT project development, integration, and completion; IT Audit and Security, DRP/BCP, Technology Management (Click here to join ISSA if you are not a member)

CompTIA Project+ verifies knowledge of the entire project management life cycle as well as skills needed to initiate, plan, execute, monitor and control and close a project. Project+ also includes business, interpersonal and technical project management skills required to manage projects and initiatives.

As Cybersecurity professionals you teach your co-workers about security and safety when using the internet. But what do you teach your kids? Kids can spend half their time awake on the internet and many even go to school online. 91% of 18-24 year olds are social networking friends with people they don’t know well. 90% of teens on social media have witnessed or been victims of bullying and more than half encounter pornography. This presentation is a discussion of many of the threats your children may be exposed to on the internet and some actions that you can take to protect them.

Biography:

Daniel Hasegawa is the Business Development Manager for the Chevron Federal Credit Union. He is responsible for development and implementation of strategies to promote and expand access to the Credit Union’s select employee groups (SEGs); as well as teaming with other managers to present the Credit Union’s message and products to current and future members. Daniel is an able presenter and began his career as a teacher (1983-1987). He has spent most of his career as a sales manager and trainer for World Savings and then Wachovia Bank (1986-2008). Daniel lives in the East Bay with his wife, Kristi, and has two sons in college. dhasegawa@chevronfcu.org.

Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. We are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core—enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.

With Infoblox, organizations can protect against the rising flood of malware and cyberattacks that target networks; overcome complexity by creating a single point of control across traditional data centers as well as public and private cloud deployments; establish a single point of enforcement for security and compliance policies; and deliver actionable insights for making networks more reliable, efficient, and effective.

Join leading security experts in discussing the impact of Cloud Security to Houston during a full day conference. Regardless of your background, this conference will help enhance your knowledge of Cloud Security topics, terms, and risks. Over 140 Houston IT and Security Professionals will be attending the conference at the newly built Microsoft Technology Center in the City Center area.

Conference Bags to include additional information on Cloud Security Vendors and Products

This conference is hosted by South Texas ISSA and the Houston Cloud Security Alliance (CSA) Chapter, both nonprofit educational organizations dedicated to cloud technologies and information security. Speaking slots are still available; contact president@southtexas.issa.org for more information.

For free parking everyone should park across the street from the Microsoft office on the 3rd and 4th floors of the parking garage at 12711 Queensbury. The parking garage entrance is opposite the Queensbury Theater and the Microsoft Office is next to the Theater. The event is on the 10th floor; reception will guide you to the correct room.

Register today! Tickets are only available online and are limited!

This month, ISSA is proud to have Ira Winkler present the topic “Fighting Advanced Persistent Threats with Advanced Persistent Security”, plus a bonus training session after lunch on “Incorporating Threat Intelligence into Security Awareness Programs”. The lunch is from 11:30am until 1:30pm. Training will immediately follow and continue until 3:30pm. Ira will also be available to personally sign his new book “Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies”. His new book is available on Amazon at: http://amzn.to/2oz95nz.

Lunch Abstract: It appears that any successful attack these days is labeled “sophisticated”. The implication is that the attacks were unpreventable. The reality is very different. This presentation dissects recent attacks, and then goes through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.

Special Additional Training Topic: Incorporating Threat Intelligence into Security Awareness Programs

Ira Winkler, CISSP, is President of Secure Mentem, author of Advanced Persistent Security, and Co-Host of the Irari Report. He is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” by the media. He won the Hall of Fame award from ISSA, and most recently, CSO magazine named him a CSO Compass Award winner as “The Awareness Crusader.” Winkler has designed, implemented, maintained and assessed awareness programs for decades, in organizations throughout most industries. He performed empirical research on the success of awareness efforts. His espionage simulations examine the success of security programs in general, and also provide a base of knowledge in responding to incidents, many involving human exploitation.

On April 3rd 2017 Intel Security will convert to McAfee once again. A new approach is due for the security industry that is faster, more resilient, and open. Many of us have investments in many different security vendor solutions – McAfee is fundamentally changing the approach to gaining better visibility and detection capabilities among the various technologies with a new security messaging data bus called the Data Exchange Layer (DXL). Your firewall can now talk to your endpoints, your web gateways and any other security technology in the environment to provide better outcomes. Truly, the security controls are now de-siloed and can work together to provide the best visibility and detection in the industry. In 2017 McAfee will be focusing on 4 key initiatives – the Dynamic Endpoint, Intelligent Security Operations, Pervasive Data Protection plus Cloud and Datacenter Defense technologies.

Alex Vasquez is a Solutions Architect in the Security and Data Center practices at Accudata Systems, and provides pre-sales and consulting services to customers primarily in the field of security and application delivery. Alex has spent six years at Accudata developing and refining his professional and technical services. He specializes in implementing mobile device security solutions and assisting customers with developing security strategies. Today, Alex performs security assessments for customers by providing recommendations for improvement across a range of technologies, plays an ongoing critical role as an architect for one of the largest healthcare organizations in Texas, and designs application delivery solutions for enterprise environments. vasquez.alex83@yahoo.com.

The Leading Provider of Information Security and Compliance Cloud Solutions

The Qualys Cloud Platform and integrated suite of solutions helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications.

Used by more than 9,300 customers in over 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100, the Qualys Cloud Platform performs more than 3 billion IP scans/audits a year resulting in over 1 trillion security events.

Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

Lunch Abstract: You’re doing everything you can to make your internal customers happy, right? Sometimes it seems like “it’s never enough” or “they’re never satisfied.” This session is about looking at an approach to serving your clients that leaves both them and you satisfied and fulfilled. We will discuss how to shift into being proactive with your internal customers versus reactive and the skills to communicate with them in a way that engenders collaboration across the entire organization.

Biography:

Kevin Cullen, President and Co-Founder of Leadera Consulting Group, has been helping businesses create powerful leaders through breakthrough training for over 30 years. Working with key individuals to Fortune 500 companies, Kevin is committed to creating and empowering leaders of a new era. As a specialist in leadership development, strategic implementation, performance coaching and artful communication, Kevin has trained leaders at every level within an organization. His leadership expertise has consistently delivered improved performance, assisted businesses implement change initiatives to seize growth opportunities while aggressively striving to attain measurable, lasting results.

Max 100 questions: Instant certification upon passing and is good for LIFETIME

(No renewal needed; no CPE requirements)

Great stepping stone to CAPM and PMP!

Examination vouchers available for additional cost.

CPE:

7 hours (CPE will also count toward other certifications)

Who:

Overview for IT students and those new to IT / IT Security / Audit project management

Members and Professionals in Information Security and those preparing for the CompTIA Project+ exam (or PMI examination and career paths) or interested in project management.

Professionals in related fields: Information Systems / IT staff who work with IT project development, integration, and completion; IT Audit and Security, DRP/BCP, Technology Management (Click here to join ISSA if you are not a member)

Exam Details:

Exam Codes:

PK0-004 (available 3/15/17)

PK0-003

Exam Description:

CompTIA Project+ is designed for business professionals who coordinate or manage small-to-medium-size projects, inside and outside of IT. The exam certifies the knowledge and skills required to manage the project life cycle, ensure appropriate communication, manage resources, manage stakeholders, and maintain project documentation.

CompTIA Project+ verifies knowledge of the entire project management life cycle as well as skills needed to initiate, plan, execute, monitor and control and close a project. Project+ also includes business, interpersonal and technical project management skills required to manage projects and initiatives.

Presentation: Impact of Quantum Computing on Cryptography

Speaker: Edward Chiu, CISSP, CSSLP

Abstract: We hear so much about quantum computing. Is it real? How is it different from classical computing? What is the impact of quantum computing on cryptography? What can we do to prepare for the post-quantum era?

Biography:

Edward Chiu, CISSP, CSSLP, is a security research analyst of Chevron ITC, IRSM (Information Risks, Strategy and Management) Security Technologies. His primary focus at work is software engineering and software security. His cybersecurity research areas include open source software, IoT security, blockchain, AI and quantum computing. He holds a B.Eng. with major in Engineering Physics from McMaster University, MBA from the Chinese University of Hong Kong, and enrolled in graduate studies of Computer Science in the University of Houston.

Contact Information:

Presenter: Edward Chiu, CISSP, CSSLP
Title: Security Research Analyst
Company: Chevron ITC
eMail:

Our Sponsor:

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. Enterprises across the world rely on Symantec for integrated cyber defense against sophisticated attacks across endpoints, infrastructure, and cloud. More than 50 million people and families rely on Symantec’s Norton and LifeLock Digital Safety Platform to help protect their personal information, devices, home networks, and identities at home and across their devices. Symantec protects the Cloud Generation through our Integrated Cyber Defense Platform, the industry’s most complete portfolio for securing cloud and on-premises environments. We support 15,000 enterprises in taking full advantage of cloud computing without compromising the security of the people, data, applications, and infrastructure that drive their business. Our advanced technology portfolio is powered by the world’s largest civilian threat intelligence network, enabling us to see and protect against the most advanced threats.

Abstract: Maybe you’ve seen the movies and read the psychological thrillers that imply con artists have almost magical abilities to re-program your brain or hypnotize a mark in order to bypass pesky locks, or even swindle your wallet away from you. But this is simply not the case. We will go through several real-life examples of social engineering attacks and detail how you can protect yourself and your company against the grifter.

Biography:

Sophie Daniel is a penetration tester and information security consultant. She specializes in social engineering penetration assessments including physical, voice (vishing), and text (phishing), and red team pentests. Further, she consults in remediation and prevention through the creation and implementation of policy and procedure, as well as in-person customized training. Prior to working in InfoSec, Sophie was a journalist specializing in photojournalism and investigations.

Cylance has developed the most accurate, efficient, and effective solution for preventing advanced persistent threats and malware from executing on your organization’s endpoints. At the core of Cylance’s unprecedented malware identification capability is a revolutionary machine learning research platform that harnesses the power of algorithmic science and artificial intelligence. It analyzes and classifies hundreds of thousands of characteristics per file, breaking them down to an atomic level to discern whether an object is good or bad in real time.

Abstract: As yet another year has quickly passed it is time again for the InfoSec Challenge Contest, the game of skill where WE the membership engage in a team competition to determine who has the best security skill and current cyber affairs knowledge.

InfoSec Challenge is a team skills challenge event, your team consisting of the members and guests from your table. Choose your table carefully. The contest is played in three rounds: The InfoSec Challenge Round, InfoSec Challenge2 Round where points double, and Final InfoSec Challenge where the top three tables can wager any amount up to the amount earned during the first two rounds. Features of the contest include a familiar clue/question format plus the InfoSec Double and a few surprise chances to earn significant points. The Clue/Questions are arranged in categories that are revealed at the beginning of each round. Table numbers are drawn by lot for the opportunity to provide a question that fits the clue until either all clues are revealed or time expires.

Don’t Miss The InfoSec Challenge!

\n

To allow everyone an opportunity to prepare\, tune their security skill
s\, and earn a few CPEs\, material will be taken from:

\n

\n

(ISC
)2 InfoSecurity Professional\, Issues from 2017 to include Sept
\, Oct\, Nov\, and December

Abstract: The GDPR replaces the Data Protection Directive and is designed to harmonize data privacy laws across Europe. It protects and empowers all EU citizens to control their data privacy. The GDPR is being heralded as the most important change to data privacy since the DPD. While the GDPR was approved on April 14th, 2016 and went into enforcement 20 days after it was published in the EU Official Journal, enforcement goes into effect May 25th, 2018.

Since the GDPR directly impacts all EU States\, EU citizens and EU re
sidents\, it is critical that we understand the requirements as soon as po
ssible. This presentation will provide an overview of the GDPR and why it
is important to all Cyber professionals.

\n

Biography: Michael F. Ang
elo CRISC\, CISSP

\n

\n\n

\n

\n

\n

span>\n

Michael is well known in the security community for his work
designing\, developing\, implementing and deploying security products and
architectures for multi-national corporate environments. His work include
s participating\, driving\, and creating security standards\, working on c
orporate policies\, national and international legislation\, multi-nationa
l regulatory issues\, and participation in numerous international and nati
onal advisory councils. He has been a featured speaker at numerous nationa
l and international security conferences including RSA\, ISSA\, and InfoSe
c. Currently\, he chairs the ISSA International Webinar Committee and is a
technology contributor to the U.S. Department of Commerce Information Sys
tems Technical Advisory Council. Michael currently holds 60 U.S. patents\,
is a former Sigma-Xi distinguished lecturer and is the recipient of the T
rusted Computing Platform Alliance (TCPA) lifetime achievement award. His
ISSA honors include 2011 Security Professional of the Year\, being named t
o the ISSA Hall of Fame\, and in 2017 was named as an ISSA Fellow.

Presentation: Securing your company during a merger, what could possibly go wrong? …and how to prevent it!

Speaker: Rick Handley, CISSP

Abstract: Hear how to protect your manufacturing, business systems, IT operations and employees during a large (or small) merger. Learn about strategies successfully used to protect OT from production networks and information assets from vulnerable remote access. These were employed successfully during the merger and rapid integration of a Fortune 500 company into a Fortune Global 500 company. Other topics covered include risk assessment, budget justification, and fostering collaboration.

Biography:

Rick Handley, CISSP, is Data Security Manager for Schlumberger and has been an information security practitioner for 20 years. Previous roles at Schlumberger include Integration Security Manager and Endpoint Security Manager. Prior to Schlumberger he was Director of Network Security and Integration for Smith International. Rick has been a speaker at IBM’s Focus Conference and is currently Communications Director for South Texas ISSA, having served on the board since 2012.

Abstract: Business people, and in particular decision makers, need to understand how threat intelligence will help them to mitigate business risks. In addition, the need to coordinate operational cybersecurity and business activities is continuously growing. This presentation will focus on how Information Sharing and Analysis Centers (ISACs) help link cyber threat intelligence, risk management, and security operational activities, to foster more effective cybersecurity and risk management decisions through cyber threat information sharing.

Biography:

David is the Executive Director for the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC), which provides to its member companies shared intelligence on cyber incidents and threats, and fosters collaborations amongst other communities committed to the protection of the oil and natural gas industry. This is a pro-bono engagement, granted by Deloitte, where David is an Advisory Specialist Leader with Deloitte & Touche’s Cyber Risk Services. David has over 25 years of information technology experience within the oil and gas industry, with the last 15 years focused on information governance, cybersecurity, risk management, audit, and compliance. Prior to taking on the Executive Director role for the ONG-ISAC, David served for eight years as chief information security officer at a global Fortune 50 integrated oil and natural gas company. During that time, David served as chair of the American Petroleum Institute IT Security Subcommittee (API ITSS), where he helped establish the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC).

Contact Information:

Name: David Zacher
Title: ONG-ISAC Executive Director
Company: Deloitte Advisory Specialist Leader | Cyber Risk Services
email: dzacher@ongisac.org

Our Sponsor:

CyberArk is the trusted leader in Privileged Account Security, with more than half of the Fortune 100 companies relying on our solutions to protect their most critical and high-value assets.

Join us for a FREE threat hunting hands-on workshop provided by ProtectWise following the monthly meeting

This workshop is designed for onsite use – BRING YOUR LAPTOP – all labs are via a remote session and your laptop image is safe

During the threat hunting sessions, you’ll be taught the best practices for effective threat hunting and be given the opportunity to put this knowledge into practice using real-world threat scenarios that enterprises commonly face.

This session is designed to search at a packet level to quickly triage and respond to lateral movement, phishing, and ransomware attacks using leading tools such as ProtectWise

Regardless of your skill – you will learn from this course, understand attack patterns, and better defend your own network

Spots are limited! Register quickly to make sure you have a place.

Our Sponsor:

CyberArk is the trusted leader in Privileged Account Security, with more than half of the Fortune 100 companies relying on our solutions to protect their most critical and high-value assets.

Abstract: For nearly a decade, it has been common practice to perform third-party led penetration tests to evaluate the security posture of one’s organization. In many cases, the frequency of these tests does not exceed once or twice annually. However, as cyber-attacks against private industry and public infrastructure become more and more common, many are beginning to ask the question of whether this assessment approach is adequate to address the ongoing persistent threat that most organizations are facing. Drawing on his experience from both a background in consulting and in developing his own in-house penetration testing program, the speaker will discuss the advantages of having a permanent internal penetration testing function and what capabilities such a team should support.

Biography:

Justin Hutchens (“Hutch”) is a cyber security professional with a diverse background and a focused expertise in offensive security assessments to include attack simulations, penetration tests, and red teaming engagements. He has a Master’s degree in Information Security and multiple industry certifications to include CISSP, OSCP, GPEN, and GWAPT. He began his career as a network warfare operator in the United States Air Force. Upon leaving the Air Force, he worked for both a startup and a Big-4 consulting firm, leading teams of penetration testers, and has recently moved to an in-house security role to help his current company develop an internal testing program. Hutch has authored multiple publications to include his book “Kali Linux: Network Scanning Cookbook”, eLearning training course “Kali Linux – Backtrack Evolved: Assuring Security by Penetration Testing”, presentations at information security conferences (ToorCon), and appearances in multiple periodicals (Gizmodo, Hakin9, PenTest Magazine, eForensics Magazine).

Contact Information:

Name: Justin Hutchens
Title: Vulnerability Assessment & Penetration Test – Lead
Company: Deloitte Advisory Specialist Leader | Cyber Risk Services
email: hutch@invesco.com

Our Sponsor:

FullStack Consulting Group is a Houston Based Consulting Group specialized in two areas:
– Training clients on the Microsoft Stack from Excel, SharePoint, and the rest of Office 365 to Power BI, SQL Server, and Azure
– Developing custom web and mobile applications that streamline and centralize your business processes, from audits to equipment management

Abstract: 95% of IoT devices are wireless. As a result, IoT offers a plethora of new protocols and frequencies over which communication travels. Furthermore, the autonomous nature of IoT networks creates Shadow IoT and IIoT Networks separate from the enterprise network. Due to lack of familiarity among most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels for harmful activities. As a result, it’s quite easy to remain under the radar and exploit these to exfiltrate data out of an organization or infiltrate the network undetected. In this session we’ll explore real world scenarios of IoT and IIoT risks to provide the basis for building a new and complementary approach to fortifying your organization’s defense-in-depth strategy and proactively protect against IoT network threats.

Biography:

Michael T. Raggo, Chief Security Officer, 802 Secure (CISSP, NSA-IAM, ACE, CSI) has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of FSISAC/BITS and PCI, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon, and SANS.

Contact Information:

Name: Michael T. Raggo
Title: Chief Security Officer
Company: 802 Secure
email: mraggo@802secure.com
https://www.linkedin.com/in/mikeraggo/

Our Sponsor:

DevOps and cloud power today’s software-driven world. You’re shipping new apps and new services on new architectures faster than ever. To protect this growing and changing footprint, you need a unified front.

Signal Sciences Web Protection Platform protects any app, against any attack, and integrates with any DevOps toolchain. It is designed to unify the efforts of engineering, security and operations to increase security and maintain reliability without sacrificing velocity.

With flexible deployment options, greater protection and visibility beyond OWASP top 10, and more integrations into your existing tools, Signal Sciences can help you improve product security and provide a better experience for your users

Abstract: Bitcoin and other crypto-currencies have attracted increased media headlines, generating attention from the general public, the investment community, government regulators, and engineers. But there is so much hype and such a steep learning curve, that fairly few people have a good grasp of the field’s true capability and potential. In this presentation, I will focus on the underlying technologies and what they can realistically deliver. For those people who are new to this field, I will explain the most important basic concepts. For those who are already much farther along, I will also touch on many of the technologies currently being developed and where they may lead. Blockchain is a vast and quickly evolving field. But I will attempt to frame it in terms well suited to cyber-security practitioners and to focus on what they need to know both personally and professionally.

Biography:

Peter Linder earned his computer engineering degree at MIT.
– For over 20 years he was deeply involved in computer hardware. He designed CPU and memory chips for large semiconductor manufacturers, as well as chipsets and motherboards for PC manufacturers. He founded and led a team of 50 chip designers. He also founded and led a world-wide application support team, gaining expertise in supporting and debugging computer architectures at the hardware, firmware, and OS levels. He met regularly with Fortune-100 computer-related manufacturers in the JEDEC organization setting industry standards, where he received multiple awards for his contributions as Vice-Chairman and Chairman of JEDEC standards engineering committees.
– After becoming involved in cyber-security, Peter earned his CISSP in 2008 and served as chapter president of the ISSA South Texas chapter in 2010. While working in security, Peter became interested in software development, especially in Python and focused on bitcoin and other crypto-currencies.
– In 2015 Peter transitioned full time into his current role as a blockchain technology consultant and developer.

Abstract: Metasploit Framework is the industry standard open source penetration testing platform. But did you know it is also a powerful defensive tool? Our industry is in a constant game of cat-and-mouse where the fundamentals are hard and the attackers are smart. By taking advantage of the open source spirit of Metasploit Framework we can do more with less. This talk will focus on maximizing the Metasploit Framework to automate the simulation of attacks, verify security controls, and improve your security posture.

Biography:

Cody Pierce has been researching offensive technologies for the past 20 years, most notably as a vulnerability researcher and exploit developer for the TippingPoint Zero Day Initiative. After ZDI, Cody led offensive and defensive product research teams at Endgame, focused on building next-gen endpoint protection capabilities. Recently, Cody has joined Rapid7 as the Principal Product Manager of Metasploit, with a passion to leverage the “Attacker Mindset” to improve defenses in the Information Security Industry.

Contact Information:

Name: Cody Pierce
Title: Principal Product Manager
Company: Rapid7
email:
https://www.linkedin.com/in/cody-pierce-security/

Our Sponsor:

Why Tanium?
Your enterprise environment is increasingly complex. You face a constant influx of new device types, cloud technologies, and cyber threats. Change is constant. You need visibility and control at scale.
Tanium’s single point of management is designed to help you handle change and disruption. Tanium operates with real-time speeds at massive scale. Tanium reduces the fragmentation and complexity created by years of point solution purchases.
Tanium is a different paradigm for manageability and security.

Platform as a Service (PaaS) is a rapidly growing offering in the cloud computing environment. PaaS is one of the most dynamic areas of cloud computing, where new services are offered at a fast pace. There is however some confusion about the definition of PaaS and the capabilities that should be expected of a PaaS offering.

One of the major challenges for cloud customers is that many different types of cloud services are given the label “PaaS”; it can be difficult at times to evaluate what is being offered by the cloud service providers, and even harder to compare offerings from different providers. Most importantly, for the purpose of this guideline, there is still confusion about how to properly apply security around a PaaS environment.

PaaS imposes additional restrictions to IaaS on how the various contents can be segmented based on their security attributes. This document aims at framing such a segmentation exercise, while benefiting from the additional agility that PaaS has to offer.

Finally, this guideline attempts to provide an organization with an understanding of the range of capabilities that PaaS offerings provide and offer guidelines on securing a PaaS environment for any users who develop their applications using the PaaS service layer.

18+ years with Schlumberger IT experience covering IT service, servers and now focusing and enjoying all the challenges that come with Cloud Security. I have worked with Schlumberger in different geographies in Middle East, Asia Pacific and currently in North America, one of the few things that keeps me engaged working for a big corporation such as Schlumberger.

Contact Information:

Name: Wisnu Tejasukmana
Title: Cloud Security Engineer
Company: Schlumberger
email: wisnu@slb.com

Our Sponsor:

Tired of MSSP’s that just send alerts, but require you to take the action?

Additionally, the accuracy and breadth of BlueVoyant’s security coverage is informed by world leading global threat intelligence, which captures and processes 40% of the world’s internet traffic every day; a larger dataset than any other security provider in the world.

Event Details:
Join leading security experts in discussing the importance of DevOps Security during a full day conference in Houston, TX. DevOps security is the practice of safeguarding the entire application development process. Regardless of your background, this conference will help you enhance your knowledge of DevOps Security and learn best practices, risk assessment methods, terms, and how to better secure your organization. We are expecting over 100 IT and Security Professionals at the conference at the new Microsoft Office. Sessions begin at 9am and last until 4:15.

When people fail from a security perspective, everyone seems to blame the users. Part of the consistent failing is that organizations expect users to do their job, and somehow know what security to implement into the process on their own. This doesn’t just involve user actions, but every process within an organization that places information at risk. This presentation will talk about how to build security actions and behaviors into organizational policies and procedures and therefore practice.

Ira is Author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World and investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.

Microsoft Office 365 can represent an excellent opportunity to improve collaboration and productivity in your organization. The myriad of workloads (apps), development tools, connectors and sharing options also represent a great way to leak data.
During this session we’ll explore some of these opportunities to lose control of your data. You will also walk away with practical strategies for maintaining control, even if your budget isn’t big enough to purchase a top tier license.

Rick Handley, CISSP and Data Security Manager for Schlumberger has been an Information security practitioner for 20+ years; his current focus is on classification and protection of digital assets. Other roles at Schlumberger include Integration Security Manager and Endpoint Security Manager. Prior to Schlumberger he was Director of Network Security and Integration for Smith International. Rick has been a speaker at IBM Focus, InfraGard and ISSA Capitol of Texas. He is currently Communications Director for South Texas ISSA having served on the board since 2012.

Contact Information:

Name: Rick Handley, CISSP
Title: Data Security Manager
Company: Schlumberger
email: RHandley@slb.com
https://www.linkedin.com/in/rick-handley-80213737/

Our Sponsor:

Delivering the market’s first Identity and Access Threat Prevention platform. We help customers preempt security threats in real time based on identity, behavior and risk.

Topics covered: CompTIA Security+ is the first security certification IT professionals should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on trouble-shooting to ensure security professionals have practical security problem-solving skills. Cybersecurity professionals with Security+ know how to address security incidents – not just identify them.

Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements.

All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.

Bio:

James spends a lot of time at the intersection of the DevOps and Security communities. He works as Head of Research at Signal Sciences and is a supporter of the Rugged Software and DevSecOps movements. Seeing the gap in software testing, James founded an open source project, Gauntlt, to serve as a Rugged Testing Framework. He is the author of several security and DevOps courses on LinkedIn Learning, including: DevOps Foundations, Infrastructure as Code, DevSecOps: Automated Security Testing, Continuous Delivery (CI/CD), and Site Reliability Engineering.

He got his start in technology when he founded a startup as a student at the University of Oklahoma and has since worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. He is a dynamic speaker on topics in DevOps, AppSec, InfoSec, cloud security, automated security testing, DevSecOps and serverless.

James is the creator and founder of the Lonestar Application Security Conference which is the largest annual security conference in Austin, TX. He also runs DevOps Days Austin and previously served on the global DevOps Days board. He also bears several security certifications including CISSP and GWAPT.

In his spare time he is trying to learn how to make a perfect BBQ brisket.

Contact Information:

Name: James Wickett
Title: Head of Research
Company: Signal Sciences
email:
https://www.linkedin.com/in/wickett/

Our Sponsor:

Delivering the market’s first Identity and Access Threat Prevention platform. We help customers preempt security threats in real time based on identity, behavior and risk.

Come escape the frustrations of the year end crunch and hack “InfoSec Challenge”, the exciting team knowledge competition. South Texas Chapter Members and their guests form teams who collectively respond with the authority of Colbert’s Great Furry Hat. Choose your table carefully, for the table members are your teammates. Played similar to a popular TV game show and in the tradition of a recent late night talk show host, there will be two exciting rounds of Karnack like challenges, five categories per round, and five items per category. Sorry, we’ll not have time to open envelopes, we’re using a projector instead, and therefore all divining will be done at a distance. NO FOREHEADS ALLOWED ON THE SCREEN. Contestants can bring their own furry hats. Determine the “Question” that matches the given answer to earn your team valuable points and maybe you can be a lucky winner.

Game rules will be announced at the meeting and are subject to interpretation at the Master of Ceremonies’ and judge’s discretion. Any decision by the Master of Ceremonies or the Judges is final. Penalties will not be assessed for wrong answers or slightly rowdy participants if it gets a laugh.

Hint: It might be a good idea to catch up on your ISSA and ISC2 Information Security Profession journals, at least the last four issues of each. Knowing the International and our local chapter officers, award winners, and recent chapter activities may, can, and will help your team’s cause. Knowing a little about security events in the news can’t hurt. Having attended a Chapter lunch or two is a plus.

Game material sources:

The ISSA Journal (2018 – Sep, Oct, Nov, Dec) (One time per year 5 CPEs for subscribing to and READING any one Journal – just one per year)

ISSA and ISC2 Web Conferences (2017) – September to current – 2 or 3 CPEs each – found on the ISC2 and ISSA International Web Sites.